Difference between revisions of "Setup:BlueSpice Operating Manual"

Tag: 2017 source edit
 
Line 15: Line 15:
  
 
===System overview===
 
===System overview===
BlueSpice is a webbased client-server application. On the server side, it uses a web server (Apache, IIS, Nginx), the script language PHP, a database (MySQL or MariaDB), a JAVA application server (Tomcat or Jetty), and Elasticsearch. There are several binaries required on the server, such as phantomJS and Imagemagick. <span style="color: rgb(37, 37, 37)">Until version BlueSpice ≤ 3.2.x, a NodeJS service (Parsoid) is used as well.</span>
+
BlueSpice is a webbased client-server application. On the server side, it uses a web server (Apache, IIS, Nginx), the script language PHP, a database (MySQL or MariaDB), a JAVA application server (Tomcat or Jetty), and Elasticsearch. There are several binaries required on the server, such as phantomJS and Imagemagick. Until version BlueSpice ≤ 3.2.x, a NodeJS service (Parsoid) is used as well.
  
 
BlueSpice can be run in a distributed environment. All services can be put on individual servers (web server + PHP, database, application server, Elasticsearch). A common scenario is to scale the web server and PHP horizontally.
 
BlueSpice can be run in a distributed environment. All services can be put on individual servers (web server + PHP, database, application server, Elasticsearch). A common scenario is to scale the web server and PHP horizontally.
Line 142: Line 142:
 
*Windows: <code>services.msc</code>
 
*Windows: <code>services.msc</code>
  
'''Parsoid''' <span class="ve-pasteProtect" style="color: rgb(37, 37, 37)">(not required since BlueSpice 4.0)</span>
+
'''Parsoid''' (not required since BlueSpice 4.0)
  
 
*Linux: <code>pm2 start /opt/parsoid/bin/server.js</code> OR <code>systemctl start parsoid</code>
 
*Linux: <code>pm2 start /opt/parsoid/bin/server.js</code> OR <code>systemctl start parsoid</code>
Line 160: Line 160:
 
*Windows: <code>services.msc</code>
 
*Windows: <code>services.msc</code>
  
'''Parsoid''' <span class="ve-pasteProtect" style="color: rgb(37, 37, 37)">(not required since BlueSpice 4.0)</span>
+
'''Parsoid''' (not required since BlueSpice 4.0)
  
 
*Linux: <code>pm2 stop /opt/parsoid/bin/server.js</code>  OR <code>systemctl stop parsoid</code>
 
*Linux: <code>pm2 stop /opt/parsoid/bin/server.js</code>  OR <code>systemctl stop parsoid</code>
Line 188: Line 188:
 
*Windows: <code>[https://en.wikipedia.org/wiki/Service_Control_Manager services.mmc]</code>
 
*Windows: <code>[https://en.wikipedia.org/wiki/Service_Control_Manager services.mmc]</code>
  
'''Parsoid''' <span class="ve-pasteProtect" style="color: rgb(37, 37, 37)">(not required since BlueSpice 4.0)</span>
+
'''Parsoid''' (not required since BlueSpice 4.0)
  
 
*Linux: <code>pm2 restart /opt/parsoid/bin/server.js</code>
 
*Linux: <code>pm2 restart /opt/parsoid/bin/server.js</code>
Line 232: Line 232:
 
*Web server: ping the login page of the wiki: <wiki_url>/Special:Login
 
*Web server: ping the login page of the wiki: <wiki_url>/Special:Login
 
*Database: check database connectivity with username and password authentication.
 
*Database: check database connectivity with username and password authentication.
*Parsoid: check port 8000 connectivity via 127.0.0.1 <span class="ve-pasteProtect" style="color: rgb(37, 37, 37)">(not required since BlueSpice 4.0)</span>
+
*Parsoid: check port 8000 connectivity via 127.0.0.1 (not required since BlueSpice 4.0)
 
*Elasticsearch: check port 9200 connectivity via 127.0.0.1
 
*Elasticsearch: check port 9200 connectivity via 127.0.0.1
  
Line 319: Line 319:
 
*Apache error logs: <code>/var/log/apache2/*error.log</code> (Also includes PHP errors)
 
*Apache error logs: <code>/var/log/apache2/*error.log</code> (Also includes PHP errors)
 
*Browser console
 
*Browser console
*Parsoid log: <code>pm2 logs</code> OR <code>/var/log/parsoid.log</code>(systemd and init.d) <span class="ve-pasteProtect" style="color: rgb(37, 37, 37)">(not required since BlueSpice 4.0).</span>
+
*Parsoid log: <code>pm2 logs</code> OR <code>/var/log/parsoid.log</code>(systemd and init.d) (not required since BlueSpice 4.0).
 
*Elasticsearch: <code>/var/log/elasticsearch/</code>
 
*Elasticsearch: <code>/var/log/elasticsearch/</code>
 
*Tomcat: By default logging is turned of. Depending on system, logging can be enabled via configuration XML files.
 
*Tomcat: By default logging is turned of. Depending on system, logging can be enabled via configuration XML files.

Latest revision as of 17:56, 21 January 2022

Objective

The objective of this operating manual is to enable you to run BlueSpice smoothly and successfully in your IT environment. It aims to answer your questions as deciders, IT auditors and server administrators, such as:

  • Where do I get information about BlueSpice and its development?
  • What do I have to consider when operating BlueSpice?
  • How do I backup and monitor BlueSpice?

The most current version can be found at https://wiki.bluespice.com . This manual is designed to provide general information. Feel free to copy it over to your local BlueSpice and amend it according to your process and documentation requirements. Since the IT environment can change over time through updates and restructuring, it is advisable to check the information in the operating manual for being up-to-date.

The structure of this manual is based on the recommendations of the German Federal Office for Information Security, which can be found here.

Overview

System overview

BlueSpice is a webbased client-server application. On the server side, it uses a web server (Apache, IIS, Nginx), the script language PHP, a database (MySQL or MariaDB), a JAVA application server (Tomcat or Jetty), and Elasticsearch. There are several binaries required on the server, such as phantomJS and Imagemagick. Until version BlueSpice ≤ 3.2.x, a NodeJS service (Parsoid) is used as well.

BlueSpice can be run in a distributed environment. All services can be put on individual servers (web server + PHP, database, application server, Elasticsearch). A common scenario is to scale the web server and PHP horizontally.

Typically, inhouse deployments of BlueSpice consist of a production environment and a corresponding test environment. In scenarios with elevated SLAs, an additional QA environment is used as an intermediary before production.

Owners, responsible persons and contacts

BlueSpice is developed and maintained by

Hallo Welt! GmbH
Maximilianstraße 9
93047 Regensburg
https://www.hallowelt.com

For technical questions, please contact Hallo Welt! GmbH support at support@hallowelt.com.

For questions about your contract, please contact the Hallo Welt! GmbH sales team at sales@hallowelt.com .

Operating times

Typically, BlueSpice instances run 24/7. Operations are managed by the organization's IT department or their service providers. Hallo Welt! provides support and guidance during their office hours (8am - 6pm CET/CEST).

System and version history

All BlueSpice versions are documented in the BlueSpice helpdesk: https://en.wiki.bluespice.com/wiki/Setup:Release_History

All changes can be retraced in our current and archived release notes: https://en.wiki.bluespice.com/wiki/Setup:Release_Notes

Documentation

BlueSpice maintains an online documentation which is continuously kept up to date: https://en.wiki.bluespice.com

There is also a user manual: https://en.wiki.bluespice.com/wiki/UserManual:User_Manual_Introduction

Administration is documented here: https://en.wiki.bluespice.com/wiki/UserManual:Admin_Manual_Introduction

In addition, there is a community forum: https://sourceforge.net/p/bluespice/_list/tickets

News about the product can be found in our blog: https://bluespice.com/category/news-know-how/

Also, BlueSpice maintains a newsletter. Sign up here: https://bluespice.com/

For more information, follow us on Twitter: https://twitter.com/BlueSpiceTweets

Installation manual Windows/Linux (including upgrade instructions)

BlueSpice maintains an online installation manual: https://en.wiki.bluespice.com/wiki/Setup:Installation_Guide

System architecture and interfaces

The following section gives an overview of the components of BlueSpice and how they interact with each other and the environment.

System integration

BlueSpice is a web application which can be integrated with your IT environment, most notably LDAP and email.

drawio: BlueSpice system architecture high level

Server architecture

Internally, BlueSpice has several components which are responsible for parts of the functionality.

drawio: BlueSpice system architecture server

Vertically distributed architecture

For simple scaling, some services can be externalized to other physical or virtual servers.

drawio: BlueSpice system architecture server distributed simple

Horizontally distributed architecture

For high traffic or high availability demands, BlueSpice can be set up to scale horizontally.

drawio: BlueSpice system architecture server distributed horizontally

Components and responsibilities

Servers, operating system, licenses and software infrastructure are typically managed by your organization's IT.

Hallo Welt! typically manages the application and required components.

There may be special contractual agreements.

External interfaces (to other organizations)

Technically, BlueSpice can be set up to operate completely self-contained (contact our support if you have questions about your instance). On the server, no external sources are queried. In the standard installation, there are content modules which draw data from external sources on the client side (browser):

  • draw.io: The diagram tool is loaded directly from draw.io. All content remains on the BlueSpice wiki.
  • maps: Embedded maps are collected from Google or OpenStreetMap.
  • widgets: The purpose of widgets is to display content from public sources like YouTube.
  • chemical formulas: The formula rendering uses an external service via Wikimedia's REST API.

On the organizational side, the team of Hallo Welt! GmbH typically provides 3rd level support for subscribed BlueSpice instances. Hallo Welt! GmbH teams up with the internal IT of the organization as well as with IT infrastructure providers of our customers.

IT internal interfaces

A standard BlueSpice installation connects to the following services in order to be fully functional:

  • User directory: BlueSpice can be configured to authenticate against a company user directory (typically Active Directory). The protocols used are LDAP and SAML.
  • Email: BlueSpice needs to be connected to an email server in order to send notifications.

API

BlueSpice comes with an API interface.

Installation and system requirements

System requirements

The current system requirements are documented here: https://en.wiki.bluespice.com/wiki/Setup:System_requirements

Software catalogue

All BlueSpice components are listed in the software catalogue: https://en.wiki.bluespice.com/wiki/Setup:Software_Catalogue

Changes in configuration

Changes in configuration can occur in minor and major releases. Please consider the upgrade information provided here: https://en.wiki.bluespice.com/wiki/Setup:Installation_Guide/Upgrade

Start and interrupt the service

Startup

In order to start up BlueSpice, all the required services need to be running. Please make sure you start the services in the order given here:

Database

  • Linux: service mysql start OR systemctl start mysql
  • Windows: services.msc

Application server (Tomcat or Jetty)

  • Linux: service jetty9 start OR systemctl start jetty9
  • Windows: services.msc

Elasticsearch

  • Linux: service elasticsearch start OR systemctl start elasticsearch
  • Windows: services.msc

Parsoid (not required since BlueSpice 4.0)

  • Linux: pm2 start /opt/parsoid/bin/server.js OR systemctl start parsoid
  • Windows: services.msc

Web server

  • Linux: service apache2 start OR systemctl start apache2
  • Windows: services.msc

Shutdown

In order to shut down BlueSpice, all the required services need to be stopped. Please make sure you stop the services in the order given here:

Web server

  • Linux: service apache2 stop OR systemctl stop apache2
  • Windows: services.msc

Parsoid (not required since BlueSpice 4.0)

  • Linux: pm2 stop /opt/parsoid/bin/server.js OR systemctl stop parsoid
  • Windows: services.msc

Application server (Tomcat or Jetty)

  • Linux: service jetty9 stop OR systemctl stop jetty9
  • Windows: services.msc

Elasticsearch

  • Linux: service elasticsearch stop OR systemctl stop elasticsearch
  • Windows: services.msc

Database

  • Linux: service mysql stop OR systemctl stop mysql
  • Windows: services.msc

Configuration changes

After changes to the configuration, the service with the changed configuration needs to be restarted.

Webserver

Parsoid (not required since BlueSpice 4.0)

  • Linux: pm2 restart /opt/parsoid/bin/server.js
  • Windows: services.mmc

Application server (Tomcat or Jetty)

Elasticsearch

Database

  • Linux: service mysql restart OR systemctl restart mysql
  • Windows: services.mmc

Unplanned server outage

Identify which service is not running and restart this service.

Standard operations

User management

Recurring background tasks

BlueSpice is set up to conduct some tasks in the background. These are

  • maintenance/runJobs.php

For details see: https://en.wiki.bluespice.com/wiki/Setup:Installation_Manual/Optimization/Cronjobs

Backup

Detailed backup instructions can be found here: https://en.wiki.bluespice.com/wiki/Setup:Installation_Guide/Advanced/Backup

Monitoring

Apart from the common parameters to monitor (disk space, CPU load, memory usage), the following services can be monitored for availability:

  • Web server: ping the login page of the wiki: <wiki_url>/Special:Login
  • Database: check database connectivity with username and password authentication.
  • Parsoid: check port 8000 connectivity via 127.0.0.1 (not required since BlueSpice 4.0)
  • Elasticsearch: check port 9200 connectivity via 127.0.0.1

If any of those services is not available, BlueSpice is either not operational or experiencing functional restrictions.

Diagnostics

In case of errors, please consider the error logs. These are:

  • In the web browser, open the console and check for JavaScript errors
  • For the web server, check the web server's error log and php error log.

Troubleshooting

If one or more services are not working:

  • Check the available system resources, in particular the free disk space
  • Restart all services

If the problem persists, contact BlueSpice support.

Key performance indicators

Server

Standard parameters for servers apply:

  • Disk space < 80% usage
  • CPU load should not peak to 100% for more than 1s
  • Load average should not be more than CPU core count
  • Average memory usage should not exceed 90%
  • For GNU/Linux systems, try to avoid high swap space usage.

For a standard server sizing (4 cores, 8 GB ram), the number of average simultaneous users is optimized for 25 per server. This means, one server can handle about 125 concurrent users.

The php error log should not report any FATAL or WARNING messages

Client

The reference page Special:Version should load under 4s without browser cache and under 2.5s with browser cache enabled.

Known restrictions

Functional restrictions

This is now services map onto BlueSpice functionality:

  • Web server: required for BlueSpice basic operations
  • Database: required for BlueSpice basic operations
  • Tomcat: required for PDF and VisualDiff
  • Elasticsearch: required for ExtendedSearch and various title select boxes. Will fallback to standard MediaWiki search if not available.
  • PhantomJS: required for rendering article preview images.
  • Parsoid: required for VisualEditor. Note: since BlueSpice 4.0 this is no longer required.

All services other than web server and database are optional. If not present, the named functionality will not be available.

Technical restrictions

Updates of major and minor level might require a system downtime due to database migration operations.

Resource related restrictions

Response times are dependent on the server resources, foremost CPU power.

The number of concurrent users a server can handle is directly related to server memory size and CPU power.

Please note: we strongly recommend having a separate testing system. This can be used for update/upgrade preparation, debugging and collecting sizing information. If no testing system is present, occasional downtimes may occur when debugging and maintenance operations are conducted.

Archiving and deletion of data

Variable data (Strongly growing data)

The following locations store variable data, which is not recoverable in case of data loss, and must be backed up regularly:

  • The database stores most data of BlueSpice, including articles, users and action logs.
  • The images folder stores all uploaded files.

There is some secondary data stored in Elasticsearch (for BlueSpice Social and Statistics). This data can be fully recovered from the primary data stored in the database.

Master data (Slowly growing data)

The following locations store master data, which requires considerable effort to recover in case of data loss and should be backed up regularly:

  • Configuration:
    • LocalSettings.php and LocalSettings.BlueSpice.local.php contain the basic configuration including sitename, security keys and database access.
    • settings.d folder contains information about activated extensions.
    • extensions/BlueSpiceFoundation/config folder holds information about namespace setup and permission configuration.
  • Templates and skins
    • extensions/BlueSpiceFoundation/data folder holds PDF templates.

Log files and error files

  • Php error log: /var/log/php-fpm.log (Only for php-fpm service)
  • Apache access log: /var/log/apache2/*access.log
  • Apache error logs: /var/log/apache2/*error.log (Also includes PHP errors)
  • Browser console
  • Parsoid log: pm2 logs OR /var/log/parsoid.log(systemd and init.d) (not required since BlueSpice 4.0).
  • Elasticsearch: /var/log/elasticsearch/
  • Tomcat: By default logging is turned of. Depending on system, logging can be enabled via configuration XML files.
  • Windows event log: MS Windows logs are not txt format. Access is possible via Event Viewer

Security and compliance

Internet access

For standard operations, BlueSpice does not require Internet access. BlueSpice does not make any outgoing calls. See section External interfaces for details.

In our default setup, the client will access draw.io for editing diagrams. Here, only application data is loaded from the site. No content data will be passed on to draw.io. On request, Hallo Welt! can install an on-premise version of draw.io (additional charges apply).

Auxiliary service data access

Tomcat, Elasticsearch and PhantomJS will receive data from BlueSpice core components. They are agnostic to access rights and do have full access to all data stored on BlueSpice. It is therefore recommended to restrict access to these services to localhost or the web server's IP address. In case Hallo Welt! performs the installation, this is the default setup. No external access to these services shall be permitted.

Privacy

GDPR compliancy is handled by BlueSpice Privacy Center. More information can be found here: https://en.wiki.bluespice.com/wiki/Manual:Extension/BlueSpicePrivacy

Legal information

For all legal information, including the Subscription contract, GDPR information and DPA, Anti Bribery Policy and Software catalogue, please refer to the BlueSpice homepage: https://bluespice.com/legal-documents-and-guidelines/

No categories assignedEdit

Discussions

Attachments